...
How
...
do
...
I
...
logout
...
in
...
Sakai
...
so
...
that
...
DistAuth
...
cookies
...
are
...
deleted?
...
During
...
normal
...
logout
...
in
...
Sakai,
...
only
...
the
...
Sakai
...
sessions
...
are
...
cleared.
...
To
...
ensure
...
that
...
the
...
DistAuth
...
cookies
...
are
...
deleted,
...
one
...
must
...
modify
...
the
...
LoginTool.java
...
file
...
in
...
the
...
sakai-2-0-1-src\login\login\src\java\org\sakaiproject\tool\login
...
directory.
...
An
...
additional
...
parameter
...
can
...
be
...
added
...
to
...
the
...
sakai.properties
...
file
...
so
...
that
...
the
...
logout
...
url
...
is
...
correctly
...
referenced.
...
Steps
...
involved
...
#1.
...
modify
...
the
...
complete()
...
method
...
to
...
be
...
the
...
following:
| Code Block |
|---|
<code> protected void complete(String returnUrl, Session session, Tool tool, HttpServletResponse res, String reply) throws IOException { //added info by Scott Amerson to include logout url for secureweb // cleanup session if (session != null) { session.removeAttribute(Tool.HELPER_MESSAGE); session.removeAttribute(Tool.HELPER_DONE_URL); session.removeAttribute(ATTR_MSG); session.removeAttribute(ATTR_RETURN_URL); session.removeAttribute(ATTR_CONTAINER_CHECKED); } // redirect to the done URL //only send user to secureweb on /logout path, not /xlogin or /login if (reply.equals("logout")) { String LogOutURL = ServerConfigurationService.getString("secureweb.logoutURL", ""); res.sendRedirect(LogOutURL + res.encodeRedirectURL(returnUrl)); } else { res.sendRedirect(res.encodeRedirectURL(returnUrl)); } } <code> |
#2.
...
Add
...
the
...
following
...
secureweb
...
logout
...
url
...
value
...
to
...
the
...
Tomcat/sakai/sakai.properties
...
file:
...
secureweb.logoutURL=https://secureweb.ucdavis.edu/form-auth/logout?
...
This
...
logout
...
url
...
will
...
direct
...
Sakai
...
to
...
secureweb
...
to
...
logout
...
the
...
cookies
...
properly,
...
and
...
redirect
...
the
...
user
...
to
...
the
...
intended
...
url.